Feature #20774
closed
Change Hardcoded MD5 Password Encryption in User/Setup
Added by Steffen Ritter over 15 years ago.
Updated over 14 years ago.
Description
Currently it is only possible to change your BE-Password via User->Setup to an md5 hash.
For saltedpasswords integration this must be flexible
Solution:
Introduce an Hook zu register your own eval-Func.
thanks to Steffen Kamper who provided the patch, saltedpasswords is using
(issue imported from #M11564)
Files
Question:
why do we have 2 salted passwords extensions?
is t3sec_saltedpw from TER supposed to work with 4.3, too ?
hi Rupert,
t3sec_saltedpw will get <4.3...
saltedpasswords in trunk is the sys-ext implementation which was nearly build from scratch.
Will apply your patch and commit it to saltedpasswords trunk!
how to test:
- check out latest "saltedpasswords" from svn
- install it and configure it to be used for be_user passwords
- apply the patch 11564_ext_saltedpw.diff to "saltedpasswords"
- apply the patch 11564_saltedpwhook_v2.diff to TYPO3 trunk
- open the setup module and change your password
- log out
- log in with your new password
saltedpassword changes committed,
so you can skip patching saltedpasswords
Thanks a lot, Steffen!
Again for clarification:
- t3sec_saltedpw is a extension in TER to be used with TYPO3 < 4.3
(considered to be as proof of concept althought it is already widely deployed)
- saltedpasswords will be a sysext for TYPO3 4.3
(backwards compatible with t3sec_saltedpw; provides further hashing methods)
Regarding Forge: sysext is in trunk, TER ext is in branch RB-TER
thanks steffen.
did it work for you?
shure, works for me!
so +1 :)
committed attached v3 to trunk rev 5957
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by